Black Hat wrap-up: Less hackers, but plenty of flaws

Black Hat wrapped up on Thursday after several days of vulnerability revelations that proved that the event hasn't lost its edge even as attendance skewed more heavily toward security professionals rather than hackers this year.

Known as one of the premier conferences for researchers to present the latest ways to unravel software and security systems, Black Hat has evolved in recent years. After a change of ownership last year, the conference bolstered its roster of sponsors and attendees at this tenth event.

In fact, organizers seemed to be unprepared for the growth in attendance. The lines for registration this year were significantly longer than last, rooms were packed to standing room capacity and there weren't enough conference materials to go around.

"There seem to be a lot more legitimate security professionals than I expected," said Larry Pesce of Defensive Intuition, who was attending the event for the first time.

New to this year's programming was a track of briefings run by Microsoft representatives. These presentations offered insights into software security strengths as Microsoft detailed security improvements it has made in its upcoming Windows Vista operating system.

There were still a number of presentations that uncovered new vulnerabilities. Even as Mirosoft touted improvements in Vista on Thursday, researcher Joanna Rutkowska with Singapore-based COSEINC explained how she was able work around the Vista beta's new mechanism designed to prevent the loading of unsigned drivers that can often lead to malware infection. Rutkowska emphasized that the method used wholly documented functionalities to bypass the new security system.

She said Microsoft still has work to do if it wants to close this security hole.

"I think Microsoft did a good job improving security, but that doesn't mean that Vista is totally secure," she said.

She also presented her latest Blue Pill rootkit, a proof-of-concept program that would give an attacker an undetectable backdoor to a system through the use of AMD's new Secure Virtual Machine, Pacifica.

Also among the 25 vulnerabilities revealed at the event this week was a flaw in Cisco's PIX firewall that would allow attackers to bypass the firewall and freely access networks behind the system.

Hendrick Scholz with Freelnet Cityline presented the flaw in the final slide in his presentation on VoIP security on Wednesday. The slide was taken out of the copy of Scholz's presentation given to attendees by Black Hat organizers. Little is known about the vulnerability as he has decided not to discuss the issue any further.

Many Black Hat attendees will stay on in Las Vegas through the weekend to attend more presentations on security techniques and vulnerabilities at this year's DEFCON event.

All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.Your use of this website
constitutes acceptance of nextmedia's Privacy Policy and
Terms & Conditions.